Automate Linux VM OS Updates Using OSPatching Extension

The Azure VM OSPatching extension for Linux enables Azure VM administrators to automate VM OS updates with customized configurations. If this is your first time using VM extensions, you might want to check here for background.

A. Checking idle state:
Before patching, the extension checks the status of the VM by calling a user-provided script. If this script returns 1, the extension moves forward with the patching; otherwise it stops. The script can be located in Azure storage or on GitHub; you need to provide the URL of the location as the parameter.
B. Validating the system status after patching:
After patching, the extension checks the system health by calling a user-provided script and reports the result to the extension log file. The script can be located in Azure storage or on GitHub; you just need to provide the URL of the location as the parameter.

Supported Functions

You can use the OSPatching extension to configure OS updates for your virtual machines, including:

Specify how often and when to install OS patches

Specify what patches to install

Configure the reboot behavior after updates

Extension Parameters

Administrators can configure the OS updates with the following parameters. Please note that the parameters are case sensitive.

Parameter | Description | Value Type | Default Value

intervalOfWeeks | The update frequency (in weeks) | Integer, starting from 1, e.g. "intervalOfWeeks" : "1" | “1”

dayOfWeek | The patching date (of the week). You can specify multiple days in a week.

1 If the startTime is set to an empty string, it will set the installation to “One-off” mode; see scenario 3 below for details.

2 For installDuration, if the actual installation exceeds the allowed time the user specified, the update process will try to stop the installation and resume it at the next scheduled installation. However, depending on the installation stage, the installation may not always be stopped; in that case, it may exceed the allowed time.

Please also note that there is a fixed download time limit of 1 hour. If the downloading time exceeds 1 hour, the downloading process will be stopped; it can be resumed next time. The extension will log the error in the log file; see the “Checking the Status” section for details.

Sample Scripts and User Scenarios

The following are the major scenarios, with sample PowerShell scripts and xPlat commands. Please note that the parameters are case sensitive.

Scenario 1: Setting up Recurring OS Updates

For regular recurring patching, you can configure the schedule using “intervalOfWeeks”, “dayOfWeek” and “startTime”. Below is the sample script:

Please note, the extension will not “remember” the state of the settings; when you modify existing settings, you have to specify the value for each parameter again, even though you don’t intend to change it, otherwise the value will be reset to default. You can check your current OS update setting from the status file, see the “Checking Status” section below for details.

Scenario 3: One-off Patching

Sometimes you may want to install updates immediately, for example, to install critical patches. You can configure your OS update in one-off mode by setting “startTime” to an empty string without changing other settings. OS updates will start immediately after the configuration. The One-off patching will only be executed once; after that, it will automatically go back to the last recurring update settings. Note that if you need to modify any settings in addition to “startTime” when setting the One-off mode, you will need to run the script again after the One-off patching, specifying a value for each parameter, in order to resume the original settings; see scenario 2 on how to modify settings.

Checking Status

To check the deployment status of the extension, run the following PowerShell command:

Get-AzureDeployment -ServiceName "Your Service Name"

The Azure Portal will display the extension status and final OS update settings; this feature will be available in a few weeks.

To check the detailed extension status and final OS update settings, you can refer to the files in the following location inside the VM: “/var/lib/waagent/Microsoft.OSTCExtensions.OSPatchingForLinux-version/status/”

Checking the OS Update Status

The OS patching process will log status and errors in the following files inside the VM: “/var/log/azure/Microsoft.OSTCExtensions.OSPatchingForLinux/<version>/extension.log” and “/var/log/waagent.log”.

The OS patching process will also record the downloaded and installed package lists in the following files inside the VM: downloaded packages in the file “/var/lib/waagent/package.downloaded”, and installed packages in the file “/var/lib/waagent/package.patched”.
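
One way to confirm that a patch run actually installed what it downloaded, for example after an installation was stopped at the installDuration limit, is to compare the two package lists named above. This is an added example, not code from the extension; the function names are hypothetical and it assumes each line of both files starts with the package name.

```shell
#!/bin/sh
# Added example, not part of the OSPatching extension.
# Assumption: every line in both files starts with the package name, optionally
# followed by whitespace-separated fields; adjust the awk field if the layout differs.

# pkg_names FILE: unique, sorted first field of each non-empty line.
pkg_names() {
    [ -r "$1" ] || return 0      # a missing file counts as an empty list
    awk 'NF { print $1 }' "$1" | LC_ALL=C sort -u
}

# pending_packages DOWNLOADED PATCHED: names that appear only in DOWNLOADED.
pending_packages() {
    tmp_d=$(mktemp) || return 1
    tmp_p=$(mktemp) || { rm -f "$tmp_d"; return 1; }
    pkg_names "$1" > "$tmp_d"
    pkg_names "$2" > "$tmp_p"
    LC_ALL=C comm -23 "$tmp_d" "$tmp_p"
    rm -f "$tmp_d" "$tmp_p"
}

# patch_gap_report DOWNLOADED PATCHED: returns 1 if any package is still pending.
patch_gap_report() {
    pending=$(pending_packages "$1" "$2")
    if [ -n "$pending" ]; then
        printf 'downloaded but not recorded as installed:\n%s\n' "$pending"
        return 1
    fi
    printf 'no pending packages\n'
}

# With two file arguments, check those files (on the VM: the two paths named above).
# Without arguments, run on constructed sample data.
if [ "$#" -eq 2 ]; then
    patch_gap_report "$1" "$2"
else
    demo=$(mktemp -d)
    printf 'openssl\nbash\ncurl\n' > "$demo/package.downloaded"   # constructed
    printf 'openssl\ncurl\n'       > "$demo/package.patched"      # constructed
    patch_gap_report "$demo/package.downloaded" "$demo/package.patched" || true
    rm -rf "$demo"
fi
```

The non-zero return of patch_gap_report makes it usable from a monitoring job that alerts when downloaded patches remain uninstalled.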

Additional Notes

The OSPatching extension leverages the following Linux commands for OS patching. When using the OSPatching extension, we recommend that you stop applications that use the same commands listed below, to avoid conflicts. In most cases they cannot be executed in multiple processes at the same time.